Dunwoody: Sensitive Camera Access for Demos, Contract Renewed with Flock Safety

A recent revelation has shaken residents of Dunwoody, an Atlanta suburb in Georgia. It emerged that employees of Flock Safety, a company specializing in surveillance technology, accessed sensitive cameras within the city. The objective was to use this footage for sales demonstrations to police departments across the country. Among the monitored areas were a children's gymnastics room, a playground, a school, a Jewish community center, and a swimming pool, immediately raising concerns about privacy and the security of sensitive data.

The incident came to light thanks to the initiative of Jason Hunyar, a Dunwoody resident, who obtained Flock Safety's access logs through a public records request. His findings, detailed in a post titled "Why Are Flock Employees Watching Our Children?", questioned the company's practices and the oversight by city authorities. Despite the controversy and community concerns, the city of Dunwoody decided to renew its contract with Flock Safety.

The Controversy and Flock Safety's Defense

Flock Safety acknowledged that camera access occurred but disputed the characterization of events by residents and activists. A company spokesperson stated that Dunwoody is part of a "demo partner program," where the city authorizes specific Flock employees to access systems to demonstrate new products and features under development. The company also specified that selected engineers can access accounts with customer permission for debugging activities or to resolve any issues that may arise. Flock categorically denied any "spying on children in parks" activities, calling such accusations "unequivocally false."

The company also argued that it is more transparent than other entities in the surveillance sector, precisely because it generates access logs that can be obtained through public records requests. This argument, however, clashes with Flock's public policies, which state in its FAQ page that "Flock customers own their data" and that "Flock will not share, sell, or access your data." Furthermore, it reads that "nobody from Flock Safety is accessing or monitoring your footage." The discrepancies between public statements and practices revealed by access logs raise questions about the consistency of company policies and customer trust.

Implications for Data Sovereignty and Infrastructure Control

The logs obtained by Hunyar highlighted that some of the accessed cameras were located in particularly sensitive areas, such as the swimming pool at the Marcus Jewish Community Center of Atlanta and the children's gymnastics room at the same center, as well as several private fitness centers and studios. This demonstrates the breadth of Flock's surveillance systems, which can encompass not only cameras purchased by the city but also those owned by private businesses. Flock's ability to integrate and access such a vast surveillance infrastructure, including both public and private assets, poses significant challenges in terms of data sovereignty and control.

For organizations evaluating the deployment of complex systems, including Large Language Models (LLM) or other AI solutions that handle sensitive data, this case underscores the importance of clear and robust data management agreements. The choice between self-hosted and cloud-based or hybrid solutions must carefully consider who has access to the data, where it is stored, and how it is used. The promise of "radical transparency" through access logs is a step, but data governance and access policies must be explicit and unambiguous, especially when dealing with sensitive data or critical infrastructure.

Lessons for Technology System Deployment

Following the revelations, Flock Safety announced that it will stop using Dunwoody's cameras for its demonstrations and will commit to training its employees to conduct demos only in more public locations, such as retail parking lots. The company defended its employees, stating that they acted with the city's explicit permission and that accusations of "spying on children" are serious and unfounded.

This episode offers crucial insights for CTOs, DevOps leads, and infrastructure architects who are defining deployment strategies for AI/LLM workloads. The Dunwoody case highlights the need for thorough due diligence on technology providers, particularly regarding data access policies, their management, and compliance with privacy regulations. A company's ability to access sensitive data, even with customer permission, must be balanced with the need to maintain rigorous control and ensure data sovereignty. AI-RADAR offers analytical frameworks on /llm-onpremise to evaluate the trade-offs between control, security, and Total Cost of Ownership (TCO) in on-premise deployment decisions.